Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2021-4173.NASLHistoryNov 11, 2021 - 12:00 a.m.
RHEL 8 : exiv2 (RHSA-2021:4173)
2021-11-1100:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
Low
EPSS
0.01
Percentile
83.9%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4173 advisory.
-
exiv2: Heap-based buffer overflow in Jp2Image::readMetadata() (CVE-2021-3482)
-
exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29457)
-
exiv2: Out-of-bounds read in Exiv2::Internal::CrwMap::encode (CVE-2021-29458)
-
exiv2: Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata (CVE-2021-29463)
-
exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-29464)
-
exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-29470, CVE-2021-37619)
-
exiv2: Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29473)
-
exiv2: Use of uninitialized memory in isWebPType() may lead to information leak (CVE-2021-29623)
-
exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS (CVE-2021-31292)
-
exiv2: DoS due to quadratic complexity in ProcessUTF8Portion (CVE-2021-32617)
-
exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure (CVE-2021-37618)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2021:4173. The text
# itself is copyright (C) Red Hat, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155217);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/28");
script_cve_id(
"CVE-2021-3482",
"CVE-2021-29457",
"CVE-2021-29458",
"CVE-2021-29463",
"CVE-2021-29464",
"CVE-2021-29470",
"CVE-2021-29473",
"CVE-2021-29623",
"CVE-2021-31292",
"CVE-2021-32617",
"CVE-2021-37618",
"CVE-2021-37619"
);
script_xref(name:"RHSA", value:"2021:4173");
script_name(english:"RHEL 8 : exiv2 (RHSA-2021:4173)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2021:4173 advisory.
- exiv2: Heap-based buffer overflow in Jp2Image::readMetadata() (CVE-2021-3482)
- exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29457)
- exiv2: Out-of-bounds read in Exiv2::Internal::CrwMap::encode (CVE-2021-29458)
- exiv2: Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata (CVE-2021-29463)
- exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-29464)
- exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-29470, CVE-2021-37619)
- exiv2: Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29473)
- exiv2: Use of uninitialized memory in isWebPType() may lead to information leak (CVE-2021-29623)
- exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS
(CVE-2021-31292)
- exiv2: DoS due to quadratic complexity in ProcessUTF8Portion (CVE-2021-32617)
- exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure (CVE-2021-37618)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7240878e");
# https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_4173.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dffd5a36");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2021:4173");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1946314");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1952607");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1952612");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1953708");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1954065");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1961650");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1961691");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1978100");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1978105");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1989860");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1990330");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1992165");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1992174");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-29464");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(119, 120, 125, 400, 787, 908);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/08");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:exiv2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:exiv2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:exiv2-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:exiv2-libs");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel8/8.10/aarch64/appstream/debug',
'content/dist/rhel8/8.10/aarch64/appstream/os',
'content/dist/rhel8/8.10/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.10/aarch64/codeready-builder/debug',
'content/dist/rhel8/8.10/aarch64/codeready-builder/os',
'content/dist/rhel8/8.10/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.10/ppc64le/appstream/debug',
'content/dist/rhel8/8.10/ppc64le/appstream/os',
'content/dist/rhel8/8.10/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.10/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8.10/ppc64le/codeready-builder/os',
'content/dist/rhel8/8.10/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.10/s390x/appstream/debug',
'content/dist/rhel8/8.10/s390x/appstream/os',
'content/dist/rhel8/8.10/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.10/s390x/codeready-builder/debug',
'content/dist/rhel8/8.10/s390x/codeready-builder/os',
'content/dist/rhel8/8.10/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.10/x86_64/appstream/debug',
'content/dist/rhel8/8.10/x86_64/appstream/os',
'content/dist/rhel8/8.10/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.10/x86_64/codeready-builder/debug',
'content/dist/rhel8/8.10/x86_64/codeready-builder/os',
'content/dist/rhel8/8.10/x86_64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.6/aarch64/appstream/debug',
'content/dist/rhel8/8.6/aarch64/appstream/os',
'content/dist/rhel8/8.6/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/aarch64/codeready-builder/debug',
'content/dist/rhel8/8.6/aarch64/codeready-builder/os',
'content/dist/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.6/ppc64le/appstream/debug',
'content/dist/rhel8/8.6/ppc64le/appstream/os',
'content/dist/rhel8/8.6/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.6/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8.6/ppc64le/codeready-builder/os',
'content/dist/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.6/s390x/appstream/debug',
'content/dist/rhel8/8.6/s390x/appstream/os',
'content/dist/rhel8/8.6/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.6/s390x/codeready-builder/debug',
'content/dist/rhel8/8.6/s390x/codeready-builder/os',
'content/dist/rhel8/8.6/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.6/x86_64/appstream/debug',
'content/dist/rhel8/8.6/x86_64/appstream/os',
'content/dist/rhel8/8.6/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/x86_64/codeready-builder/debug',
'content/dist/rhel8/8.6/x86_64/codeready-builder/os',
'content/dist/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.8/aarch64/appstream/debug',
'content/dist/rhel8/8.8/aarch64/appstream/os',
'content/dist/rhel8/8.8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/aarch64/codeready-builder/debug',
'content/dist/rhel8/8.8/aarch64/codeready-builder/os',
'content/dist/rhel8/8.8/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.8/ppc64le/appstream/debug',
'content/dist/rhel8/8.8/ppc64le/appstream/os',
'content/dist/rhel8/8.8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.8/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8.8/ppc64le/codeready-builder/os',
'content/dist/rhel8/8.8/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.8/s390x/appstream/debug',
'content/dist/rhel8/8.8/s390x/appstream/os',
'content/dist/rhel8/8.8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.8/s390x/codeready-builder/debug',
'content/dist/rhel8/8.8/s390x/codeready-builder/os',
'content/dist/rhel8/8.8/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.8/x86_64/appstream/debug',
'content/dist/rhel8/8.8/x86_64/appstream/os',
'content/dist/rhel8/8.8/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/x86_64/codeready-builder/debug',
'content/dist/rhel8/8.8/x86_64/codeready-builder/os',
'content/dist/rhel8/8.8/x86_64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.9/aarch64/appstream/debug',
'content/dist/rhel8/8.9/aarch64/appstream/os',
'content/dist/rhel8/8.9/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/aarch64/codeready-builder/debug',
'content/dist/rhel8/8.9/aarch64/codeready-builder/os',
'content/dist/rhel8/8.9/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.9/ppc64le/appstream/debug',
'content/dist/rhel8/8.9/ppc64le/appstream/os',
'content/dist/rhel8/8.9/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.9/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8.9/ppc64le/codeready-builder/os',
'content/dist/rhel8/8.9/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.9/s390x/appstream/debug',
'content/dist/rhel8/8.9/s390x/appstream/os',
'content/dist/rhel8/8.9/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.9/s390x/codeready-builder/debug',
'content/dist/rhel8/8.9/s390x/codeready-builder/os',
'content/dist/rhel8/8.9/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.9/x86_64/appstream/debug',
'content/dist/rhel8/8.9/x86_64/appstream/os',
'content/dist/rhel8/8.9/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/x86_64/codeready-builder/debug',
'content/dist/rhel8/8.9/x86_64/codeready-builder/os',
'content/dist/rhel8/8.9/x86_64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8/aarch64/appstream/debug',
'content/dist/rhel8/8/aarch64/appstream/os',
'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8/aarch64/codeready-builder/debug',
'content/dist/rhel8/8/aarch64/codeready-builder/os',
'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8/ppc64le/appstream/debug',
'content/dist/rhel8/8/ppc64le/appstream/os',
'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8/ppc64le/codeready-builder/os',
'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8/s390x/appstream/debug',
'content/dist/rhel8/8/s390x/appstream/os',
'content/dist/rhel8/8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8/s390x/codeready-builder/debug',
'content/dist/rhel8/8/s390x/codeready-builder/os',
'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8/x86_64/appstream/debug',
'content/dist/rhel8/8/x86_64/appstream/os',
'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8/x86_64/codeready-builder/debug',
'content/dist/rhel8/8/x86_64/codeready-builder/os',
'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS'
],
'pkgs': [
{'reference':'exiv2-0.27.4-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'exiv2-devel-0.27.4-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'exiv2-doc-0.27.4-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'exiv2-libs-0.27.4-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'exiv2 / exiv2-devel / exiv2-doc / exiv2-libs');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
| redhat | enterprise_linux | exiv2 | p-cpe:/a:redhat:enterprise_linux:exiv2 |
| redhat | enterprise_linux | exiv2-devel | p-cpe:/a:redhat:enterprise_linux:exiv2-devel |
| redhat | enterprise_linux | exiv2-doc | p-cpe:/a:redhat:enterprise_linux:exiv2-doc |
| redhat | enterprise_linux | exiv2-libs | p-cpe:/a:redhat:enterprise_linux:exiv2-libs |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37618
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37619
www.nessus.org/u?7240878e
www.nessus.org/u?dffd5a36
access.redhat.com/errata/RHSA-2021:4173
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1946314
bugzilla.redhat.com/show_bug.cgi?id=1952607
bugzilla.redhat.com/show_bug.cgi?id=1952612
bugzilla.redhat.com/show_bug.cgi?id=1953708
bugzilla.redhat.com/show_bug.cgi?id=1954065
bugzilla.redhat.com/show_bug.cgi?id=1961650
bugzilla.redhat.com/show_bug.cgi?id=1961691
bugzilla.redhat.com/show_bug.cgi?id=1978100
bugzilla.redhat.com/show_bug.cgi?id=1978105
bugzilla.redhat.com/show_bug.cgi?id=1989860
bugzilla.redhat.com/show_bug.cgi?id=1990330
bugzilla.redhat.com/show_bug.cgi?id=1992165
bugzilla.redhat.com/show_bug.cgi?id=1992174
Related
nessus
nessus
CentOS 8 : exiv2 (CESA-2021:4173)
2021-11-11 00:00:00
AlmaLinux 8 : exiv2 (ALSA-2021:4173)
2022-02-09 00:00:00
Rocky Linux 8 : exiv2 (RLSA-2021:4173)
2023-11-06 00:00:00
rocky
rocky
exiv2 security, bug fix, and enhancement update
2021-11-09 08:31:22
compat-exiv2-026 security update
2021-11-09 09:00:36
redhat
redhat
(RHSA-2021:4173) Moderate: exiv2 security, bug fix, and enhancement update
2021-11-09 08:31:22
(RHSA-2021:4319) Moderate: compat-exiv2-026 security update
2021-11-09 09:00:36
osv
osv
Moderate: exiv2 security, bug fix, and enhancement update
2021-11-09 08:31:22
Moderate: exiv2 security, bug fix, and enhancement update
2021-11-09 08:31:22
exiv2 vulnerabilities
2021-05-25 14:27:26
almalinux
almalinux
Moderate: exiv2 security, bug fix, and enhancement update
2021-11-09 08:31:22
Moderate: compat-exiv2-026 security update
2021-11-09 09:00:36
mageia
mageia
Updated exiv2 packages fix security vulnerabilities
2021-06-08 19:46:03
archlinux
archlinux
[ASA-202106-54] exiv2: multiple issues
2021-06-22 00:00:00
freebsd
freebsd
Exiv2 -- Multiple vulnerabilities
2021-04-25 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0240)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2021-2293)
2021-08-09 00:00:00
Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2021-2327)
2021-09-04 00:00:00
ubuntu
ubuntu
Exiv2 vulnerabilities
2021-05-25 00:00:00
Exiv2 vulnerabilities
2021-05-10 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: exiv2-0.27.3-6.fc33
2021-05-14 21:12:27
[SECURITY] Fedora 34 Update: exiv2-0.27.3-6.fc34
2021-05-04 01:01:31
[SECURITY] Fedora 34 Update: mingw-exiv2-0.27.3-5.fc34
2021-05-10 01:07:02
oraclelinux
oraclelinux
compat-exiv2-026 security update
2021-11-16 00:00:00
debian
debian
[SECURITY] [DSA 4958-1] exiv2 security update
2021-08-13 20:53:51
[SECURITY] [DLA 2750-1] exiv2 security update
2021-08-30 03:03:59
gentoo
gentoo
Exiv2: Multiple Vulnerabilities
2023-12-22 00:00:00
ubuntucve
ubuntucve
amazon
amazon
Medium: exiv2
2023-08-17 11:58:00
suse
suse
Security update for exiv2 (important)
2022-10-17 00:00:00
Security update for exiv2 (important)
2022-11-07 00:00:00
alpinelinux
alpinelinux
nvd
nvd
cve
cve
veracode
veracode
Denial Of Service (DoS)
2021-06-01 10:29:27
Denial Of Service (DoS)
2021-06-01 09:19:53
Denial Of Service (DoS)
2021-05-24 09:29:53
cnvd
cnvd
Exiv2 out-of-bounds read vulnerability (CNVD-2021-61439)
2021-08-10 00:00:00
Exiv2 out-of-bounds read vulnerability (CNVD-2021-61795)
2021-08-10 00:00:00
Exiv2 integer overflow vulnerability (CNVD-2021-62191)
2021-07-27 00:00:00
cvelist
cvelist
CVE-2021-37619 Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header
2021-08-09 00:00:00
CVE-2021-29473 Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata
2021-04-26 00:00:00
CVE-2021-31292
2021-07-26 00:00:00
prion
prion
debiancve
debiancve
redhatcve
redhatcve
cbl_mariner
cbl_mariner
CVE-2021-29473 affecting package exiv2 for versions less than 0.27.5-1
2022-06-25 20:53:09
CVE-2021-37619 affecting package exiv2 for versions less than 0.27.5-1
2022-06-25 20:53:09
CVE-2021-37618 affecting package exiv2 for versions less than 0.27.5-1
2022-06-25 20:53:09
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
Low
EPSS
0.01
Percentile
83.9%
Related for REDHAT-RHSA-2021-4173.NASL